From 0a50b8807aee951a9571165ea2bd82ba5d644c6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ku=C4=8Dera?= Date: Fri, 8 Sep 2023 10:55:29 +0200 Subject: [PATCH 1/3] Update MegaLinter --- .github/workflows/mega-linter.yml | 35 +++++++++++++++++-------------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 864c8c2c..0b233b80 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -1,6 +1,6 @@ --- # MegaLinter GitHub Action configuration file -# More info at https://oxsecurity.github.io/megalinter +# More info at https://megalinter.io name: MegaLinter on: 
@@ -9,42 +9,43 @@ on: pull_request: branches: [master, main] -permissions: - contents: write - issues: write - pull-requests: write - -env: # Comment env block if you do not want to apply fixes +env: # Comment env block if you don't want to apply fixes # Apply linter fixes configuration APPLY_FIXES: all # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool) APPLY_FIXES_EVENT: push # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all) APPLY_FIXES_MODE: pull_request # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request) concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} + group: ${{ github.ref }}-${{ github.workflow }} cancel-in-progress: true jobs: - build: + megalinter: name: MegaLinter runs-on: ubuntu-latest + permissions: + # Give the default GITHUB_TOKEN write permission to commit and push, comment issues & post new PR + # Remove the ones you do not need + contents: write + issues: write + pull-requests: write steps: # Git Checkout - name: Checkout Code uses: actions/checkout@v3 with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - fetch-depth: 0 + fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances # MegaLinter - name: MegaLinter id: ml # You can override MegaLinter flavor used to have faster performances - # More info at https://oxsecurity.github.io/megalinter/flavors/ - uses: oxsecurity/megalinter@v6 + # More info at https://megalinter.io/flavors/ + uses: oxsecurity/megalinter@v7 env: # All available variables are described in documentation - # https://oxsecurity.github.io/megalinter/configuration/ + # https://megalinter.io/configuration/ VALIDATE_ALL_CODEBASE: false # ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} # Validates all source when push on master, 
else just the git diff with master. Override with true if you always want to lint all sources GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY @@ -53,11 +54,11 @@ jobs: # Upload MegaLinter artifacts - name: Archive production artifacts if: ${{ success() }} || ${{ failure() }} - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: MegaLinter reports path: | - report + megalinter-reports mega-linter.log # Create pull request if applicable (for now works only on PR from same repository, not from forks) @@ -80,7 +81,7 @@ jobs: - name: Create PR output if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) run: | - echo "::error::Merge pull request ${{ steps.cpr.outputs.pull-request-url }} to apply fixes." + echo "::error::Merge pull request ${{ steps.cpr.outputs.pull-request-url }} to apply automatic fixes." exit 1 # Push new commit if applicable (for now works only on PR from same repository, not from forks) @@ -97,3 +98,5 @@ jobs: with: branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} commit_message: "[MegaLinter] Apply linters fixes" + commit_user_name: megalinter-bot + commit_user_email: nicolas.vuillamy@ox.security From f0fa1f58e4950e8ffba92a62c4b509838bb2d20b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ku=C4=8Dera?= Date: Fri, 8 Sep 2023 11:28:35 +0200 Subject: [PATCH 2/3] Disable Kics --- .mega-linter.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.mega-linter.yml b/.mega-linter.yml index b6cef9b2..5c613b97 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml 
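Review bot: `uses: oxsecurity/megalinter@v7` pins the action to a mutable major tag while the same hunk passes that step a `GITHUB_TOKEN` that the new job-level `permissions` block makes writable for contents, issues and pull requests, so whatever `v7` resolves to at run time executes with write access to the repository. Pinning to the full commit SHA with the version as a trailing comment, `uses: oxsecurity/megalinter@<full-commit-sha> # v7`, keeps each update an explicit, reviewable change (Dependabot can still propose the bump). The same applies to `uses: actions/upload-artifact@v3` in the artifact hunk that follows. The `megalinter` job body continues past the end of this hunk.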
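Review bot: `commit_user_email: nicolas.vuillamy@ox.security` attributes every automated fix commit in this repository to the MegaLinter maintainer's personal address, which looks carried over verbatim from the upstream template. Commits pushed by this workflow will then show a third party in the history, which misleads `git blame` and any provenance or CODEOWNERS check keyed on the author. Prefer a repository-owned bot identity, e.g. `commit_user_email: <noreply-address-owned-by-this-project>` next to `commit_user_name: megalinter-bot`, or drop both keys if the action's default identity is acceptable. The step that owns these `with:` keys starts outside the hunk.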
@@ -17,6 +17,7 @@ DISABLE_LINTERS: - YAML_V8R - YAML_PRETTIER - REPOSITORY_DEVSKIM + - REPOSITORY_KICS - REPOSITORY_SECRETLINT - REPOSITORY_TRIVY DISABLE_ERRORS_LINTERS: # If errors are found by these linters, they will be considered as non blocking. From fd4192e2151b655c01226ff5b3f256a245c0e01f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ku=C4=8Dera?= Date: Fri, 8 Sep 2023 11:28:52 +0200 Subject: [PATCH 3/3] Fix permissions --- .github/workflows/mega-linter.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 0b233b80..93df08c5 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -9,6 +9,13 @@ on: pull_request: branches: [master, main] +permissions: + # Give the default GITHUB_TOKEN write permission to commit and push, comment issues & post new PR + # Remove the ones you do not need + contents: write + issues: write + pull-requests: write + env: # Comment env block if you don't want to apply fixes # Apply linter fixes configuration APPLY_FIXES: all # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool) @@ -23,12 +30,6 @@ jobs: megalinter: name: MegaLinter runs-on: ubuntu-latest - permissions: - # Give the default GITHUB_TOKEN write permission to commit and push, comment issues & post new PR - # Remove the ones you do not need - contents: write - issues: write - pull-requests: write steps: # Git Checkout - name: Checkout Code
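Review bot: `- REPOSITORY_KICS` is added to `DISABLE_LINTERS` with no comment on why, and with it every repository-level security scanner listed here (DevSkim, KICS, Secretlint, Trivy) is now switched off entirely. If the intent is only to stop KICS findings from failing the run, the `DISABLE_ERRORS_LINTERS` list that immediately follows keeps the scanner running and its report in the artifacts while making it non-blocking. Otherwise a one-line rationale on the entry, `- REPOSITORY_KICS # <reason, e.g. which findings were false positives>`, lets a later reader judge when it can be re-enabled.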
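Review bot: The `permissions` block granting `contents: write`, `issues: write` and `pull-requests: write` is moved from the `megalinter` job back to workflow level here (the matching removal is the second hunk of this patch), which is the wider of the two scopes: a workflow-level grant is inherited by every job added later, whereas the job-level placement from the first patch is the least-privilege form. With a single job the effective token scope is unchanged today, so if the move fixes a concrete problem it is worth recording it, e.g. `permissions: # workflow-level on purpose: <reason the job-level block was not sufficient>`; otherwise keeping the block on the job is preferable.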